On Fri, 2024-03-29 at 19:27 +0000, Martin Dosch wrote: > Bookworm has version 5.4.1. The version known to be backdoored have > only > been in testing/unstable.
xz-utils release tarballs from 5.4.3 onwards were signed with Jia Tan's PGP key. 5.4.2 is the last release signed by the original author Lasse Collin, at least for files published in: https://xz.tukaani.org/xz-utils/old-releases.html It would be wise not to trust any recent version of this software until we know more what happened.
